UNPKG

xhtml-purifier

Version:

Simple HTML purifier/cleaner for untrusted HTML.

github.com/cstigler/node-xhtml-purifier

cstigler/node-xhtml-purifier

68 lines (63 loc) 3.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
var expect = require('chai').expect; var XHTMLPurifier = require('./XHTMLPurifier'); describe('XHTMLPurifier', function() { // general it('works on normal <p>s', function() { var html = 'this is a test'; expect(XHTMLPurifier.purify(html)).to.equal('<p>\n this is a test\n</p>'); }); it('strips html with weird word tags', function() { var html = '<ol><li><o:p></o:p><span>Hello, World!</span><o:p>&nbsp;</o:p></li></ol>'; expect(XHTMLPurifier.purify(html)).to.equal('<ol>\n <li>\n Hello, World! \n </li>\n</ol>'); }); it('passes html with bold tags', function() { var html = 'Testing <b>some bold</b> and testing'; expect(XHTMLPurifier.purify(html)).to.equal('<p>\n Testing <strong>some bold</strong> and testing\n</p>'); }); it('passes html with italics tags', function() { var html = 'Testing <i>some italics</i> and testing'; expect(XHTMLPurifier.purify(html)).to.equal('<p>\n Testing <em>some italics</em> and testing\n</p>'); }); it('works on escaped html', function() { var html = "&lt;script src=&quot;something&quot;&gt;&lt;/script&gt;"; expect(XHTMLPurifier.purify(html)).to.equal('<p>\n &lt;script src=&quot;something&quot;&gt;&lt;/script&gt;\n</p>'); }); // tables it('works with tables', function() { var html = "<table>"; html += "<caption>Caption</caption>"; html += "<thead><tr><td>Header</td></tr></thead>"; html += "<tbody><tr><td>Row</td></tr></tbody>"; html += "</table>"; expect(XHTMLPurifier.purify(html).replace(/\s+/g, '')).to.equal(html); }); it('works with empty tables', function() { var html = "<table></table> <p>Hola</p>"; expect(XHTMLPurifier.purify(html)).to.equal("<p>\n Hola\n</p>"); }); it('fixes bad tables', function() { var html = "<table>"; html += "<caption>Caption"; html += "<thead><th><td>My Header</td></th>"; html += "<tbody><tr><td>Row</td></tr>"; html += "</table>"; //FIXME: Somehow the <tr> in <thead> is followed by two carriage returns var expected = "<table>\n <caption>\n Caption\n </caption>\n"; expected += " <thead>\n <tr>\n <td>\n My Header\n </td>\n </tr>\n </thead>\n"; expected += " <tbody>\n <tr>\n <td>\n Row\n </td>\n </tr>\n </tbody>\n"; expected += "</table>"; expect(XHTMLPurifier.purify(html)).to.equal(expected); }); it('strips table elements outside of tables', function() { var html ="Hello <tr><td>World!</tr></td><table>Thingy</table>"; var expected = "<p>\n Hello World!\n</p>\n<table>\n Thingy\n</table>"; expect(XHTMLPurifier.purify(html)).to.equal(expected); }); it('works with a table with two tbodys and tfoot', function() { var html ="<table><tbody><tr><td>Testing</td><tbody><tr><th>Another test</th></tr></tbody><tfoot><tr><td>Testing</td></tr></tfoot>"; var expected = "<table>\n <tbody>\n <tr>\n <td>\n Testing\n </td>\n </tr>\n </tbody>\n"+ " <tbody>\n <tr>\n <th>\n Another test\n </th>\n </tr>\n </tbody>\n"+ " <tfoot>\n <tr>\n <td>\n Testing\n </td>\n </tr>\n </tfoot>\n</table>"; expect(XHTMLPurifier.purify(html)).to.equal(expected); }); });